DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, final filed on February 18, 2020, is accepted.
Claims 1 – 3 are being considered on the merits.

Drawings
The drawings, filed on February 18, 2020, are accepted.

Specification
The specification, filed on February 18, 2020, is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 1 - 3 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 – 3 recite the limitation "the commitments from block Ni" in line 28.  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, “the commitments from block Ni” is interpreted as “commitments from block Ni”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190034923 A1 to Greco et al., (hereafter, “Greco”) in view of WO 2018007828 A2 to Davies.
Regarding claim 1 - 3, Greco teaches a system for selective transparency in a public ledger, the system comprising: one or more processors and associated one or more memories, each of the one or more memories being a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions, [Greco, para. 49 discloses The device comprises a display, a processor and a non-transitory computer readable memory storing a secure transfer agent including a transmit function] the one or more processors perform operations of: logging a first submission by a first entity to the public ledger by performing operations [Greco, para. 29 discloses he distributed ledger data is able to comprise a ledger including pairs of data representing items 102 and the current and/or past custodian of those items 102. For example, as described in detail below, items 102 are able to be registered on the ledger with an initial custodian/registrant being associated with the item 102. This association is able to be kept confidential by the ledger recording the results of functions/hashes applied to the actual data (e.g. an item identifier hash representing the item identifier and a custodian hash representing the custodian identifier) such that the actual data can only be determined using proofs designed to decode/reverse the functions/hashes. As a result, the ledger is able to confidentially record each change of custody of an item 102 (e.g. as executed/verified/recorded by a custody transaction agent described below) is able to be reflected on the chain of custody on the distributed ledger 106 for that item 102 indicating one or more of a timestamp, the item 102 identifier (e.g. item identification hash) a new custodian (e.g. custodian hash) and/or other information about the item 102, the new custodian, the previous custodian or the transaction itself] of: constructing a data entry with a message M; [Greco, para. 40 discloses  the agent 107 automatically sends a private message to the recipient (e.g. to the agent 107 on the device 104 of the recipient), the message comprising the item identifier (‘identifier’), the salt value (‘identifierSalt’), the redemption value (‘redemptionSalt’) and the sender proof (‘senderProof’). The redemption token and the identifier hash do not need to be sent because the recipient is able produce them from the other values (e.g. redemptionToken = hash (recipientIdentity ∥ redemptionSalt); and identifierHash = hash (identifier ∥ identifierSalt)). In some embodiments, the message might also contain the sender identity (senderIdentity), for example, if the sender operates with multiple identities using the same communication channel for private messages.] constructing a commitment to an identification number (ID) corresponding to message M, the commitment being constructed based on randomness r; [Greco, para. 40 discloses the agent 107 automatically sends a private message to the recipient (e.g. to the agent 107 on the device 104 of the recipient), the message comprising the item identifier (‘identifier’), the salt value (‘identifierSalt’), the redemption value (‘redemptionSalt’) and the sender proof (‘senderProof’). The redemption token and the identifier hash do not need to be sent be sent because the recipient is able produce them from the other values (e.g. redemptionToken = hash (recipientIdentity ∥ redemptionSalt); and identifierHash = hash (identifier ∥ identifierSalt)). Para. 50 discloses an agent 107 of the transfer device 104 receives a selection of an asset and input of a recipient identifier identifying a recipient to which the asset is to be transferred at the step 302. The agent 107 of the transfer device 104 generates a redemption token for the asset by hashing the recipient identifier and a randomly generated redemption value together at the step 304. The agent 107 of the transfer device 104 creates a zero-knowledge sender proof for the asset identifier of the asset based on the salt value, the redemption value, a sender identifier identifying a current custodian of the asset and the custody pass of the asset at the step 306. The agent 107 of the transfer device 104 sends the asset identifier, the salt value, the redemption token and the sender proof to the recipient transfer device at the step 308] encrypting the ID and the randomness r; [Greco, para. 35 discloses the agent 107 is able to randomly generate or assign a value as the item identifier for the item 102. In some embodiments, the item identifier has the format of or is able to be an SGTIN of the item 102. In some embodiments, the item identifier is stored or written on a tag or label coupled to the item 102 (e.g. a public key stored on the tag coupled to the item 102). The transfer device 104 randomly generates a salt value for the item 102 “identifierSalt,” for example, using a cryptographically secure random number generator of the agent 107. In some embodiments, the salt value is a cryptographic salt, wherein in cryptography, a salt is random data that is used as an additional input to a one-way function that “hashes” data (e.g. a password or passphrase). Para. 40 discloses the agent 107 of the device 104 then automatically generates a redemption value (‘redemptionSalt’), using the cryptographically secure random number generator. Next the agent 107 is able to create a redemption token (‘redemptionToken’) by hashing the identifier of the intended recipient (‘recipientIdentity’) and the redemption value (‘redemptionSalt’) together in order to create a one-time code that allows only the intended recipient to accept the transfer of the item 102/digital identity/item identifier] concatenating the message M, commitment, and encryption data into a data payload D; and [Greco, para. 40 discloses function senderCircuit(x, w) { return ( hash(w.identifier ∥ w.identifierSalt) == x.identifierHash && hash(w.senderIdentity ∥ w.custodyPass ∥ w.identifierSalt) == x.custodianHash && hash(w.recipientIdentity ∥ w.redemptionSalt) == x.redemptionToken ) }. The agent 107 automatically sends a private message to the recipient (e.g. to the agent 107 on the device 104 of the recipient), the message comprising the item identifier (‘identifier’), the salt value (‘identifierSalt’), the redemption value (‘redemptionSalt’) and the sender proof (‘senderProof’). The recipient device 104 sends a message including the identifier hash, the redemption token, the new custodian hash, the sender proof and the recipient proof to the transaction agent along with the request for transfer of the item 102 on the distributed ledger 106. Para. 42 discloses the recipient agent 107 calculates the identifier hash from the item identifier and the salt value, both transmitted by the sender agent 107 in the private message. In some embodiments, the identifier hash is included in the private message by the sender agent 107. The recipient agent 107 calculates the redemption token from the known recipient identity and the redemption value, transmitted by the sender agent 107 in the private message.], but Greco does not teach logging the payload D into the public ledger as the first submission and providing the first entity with a block number of payload D along with 
However Davies does teach, logging the payload D into the public ledger as the first submission and providing the first entity with a block number of payload D along with values of message M, ID, and r; [Davies, page 3 lines 13 – 20 discloses recording a data transaction comprising, at a device associated with a first entity, determining first seed data, generating a record of a first data transaction between the first entity and a second entity, determining second seed data by combining at least the first seed data and the record of the first data transaction, generating a first hash by hashing the second seed data, the first hash comprising a history of data transactions involving the first entity, and storing the first hash against the record of the first data transaction in a memory] recording a linkage by a second entity, the linkage being an encryption and commitment linking the submission by the first entity to a second submission by the second entity; [Davies, page 8 lines 24 – 29 discloses sending the first hash to a device associated with the second entity receiving a second hash from a device associated with the second entity, wherein the second hash may comprise a hash of a previous data transaction involving the second entity, and generating a record of a second data transaction between the first party and the second party. Page 11 lines 15 – 25 discloses the device may further be configured to send a signed, encrypted copy of the record of the first data transaction to the device associated with the second entity, wherein the signature may comprise an indication of a destination server for that record. The device may be configured to sign the record with a specific off-line public key. The device may be configured to sign the record with a key belonging to the device. Only the destination server may be able to decrypt the encrypted copy of the record of the first data transaction. The device may be configured to send the encrypted records of its off-line data transactions and the associated hashes to its corresponding server when the device regains connection with its corresponding server] decrypting the linkage to provide a regulator a decrypted linkage entry; [Davies, page 11 lines 19 – 24 discloses the device may be configured to sign the record with a key belonging to the device. Only the destination server may be able to decrypt the encrypted copy of the record of the first data transaction. The device may be configured to send the encrypted records of its off-line data transactions and the associated hashes to its corresponding server when the device regains connection with its corresponding server] and verifying the linkage by performing operations of: determining a value of linkage verification information; [Davies, page 11 discloses the authorising may comprise verifying a signature on a communication between the request server and the first host server. Page 13 lines 30 – 31 to page 14 lines 1 – 12  discloses confirming an authentication code indicating that the first registration should be switched from the current account provider to the new account provider. The first account registration may comprise a first user credential, and the second account registration may comprise a second user credential. The first user credential may be registered at a first server and the second user credential may be registered at a second server. The method may further comprise receiving, by the first account provider, a communication directed to a user using the first user credential, routing the communication to the second account provider using the second user credential. The method may further comprise reversing a data transaction made with the first registration provider using the first credential to the second registration provider using the second user credential. The method may further comprise determining that the user used the first user credential at the time of the data transaction.] transmitting the value of the linkage verification information and corresponding block number to a third entity without revealing the ID committed to; [Davies, page 6 line 14 – 19 discloses conveying a shared memory channel from a first module to a proxy, conveying the shared memory channel from the proxy to a second module, wherein the proxy comprises a hand-off module configured to transmit data between the first module and the second module by bypassing the kernel of the computer system, transmitting data from the first module to the second module. Page 17 line 26 – 29 discloses serializing data such that the components of the data transmission from the first module are combined as a single data stream and then separated into the components at the second module. Page 70 lines 19 – 26 discloses device will send to the server the encrypted records of its off-line transactions and their associated hashes. It will also send that server the copies of other transactions that it holds, such as the records from its counterparties, and the server will then transmit those records and their associated hashes to the servers with which those counterparty devices are registered. Each device will create its own unique internal transaction number (such as one generated by a monotonic counter, for example) that will identify its part in a transaction. Page 82 lines 5 -10 discloses validates all of the hashes in its transaction network, account 506 only holds the transaction records for the transactions that it has entered into with other accounts, systems, or servers. It knows nothing about the content of the transactional records for the transactions between accounts 502 and 504] reading, by the third entity, the commitments from block Ni and verifying that the commitments are commitments to the same ID using the linkage verification information, where Ni is a block number indexed by i. [Davies, page 47 line 9 – 22 discloses all writes (updates and dependent inserts) verify that this version ID is current for all relevant data as an optimistic transaction. This means that if a source reads three records to obtain various account attributes (e.g., permissions, balance, and currency data), then this cluster of data has a coherent version ID. If any of those values are then updated, or dependent data is written (e.g., a financial transfer), the version ID is again confirmed as current and if it differs - say the currency assumptions changed, or exchange rates were modified - the write, as a whole, fails completely. The downstream service re-reads, if appropriate, and assesses whether the data changes the transaction in any material way. If not then the transaction is submitted anew. If, again, the transaction fails, it is repeated until the configurable number of retry attempts is exceeded and a hard failure is emitted. A hard fail would be extremely unlikely in normal circumstances. Page 89 lines 13 – 22 discloses the hash chain allows programmed devices, including loT devices to operate both on-line and off-line. If when off-line the devices include time stamps, 15 information on that device’s clock skew, the device’s unique transaction ID (generated, for example by an internal monotonic counter) and other synchronization information in the transactional information, then they enable their servers to reconstruct accurate timelines that preserve the causality for each transaction when those servers finally receive records of the off-line transactions from the devices or from third party servers. The hash chain, both in its on-line and in off-line modes, allows the servers to rely on the content of the transactional records.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Davies’s system with Greco’s system, with a motivation to Integrating a zero knowledge proof with the correct PAKE or similar protocol means that the audit trail is generated by the transaction, and that the transaction and its records become part of the audit trail. This has profound implications for real time transactions, as they are now audited and thus reported in real-time. [Davies, page 83 lines 1 - 5]

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 






/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434